umair shakil wrote:
> Salam,
>
> Squid actually Proxy will do the trick....

Nope. Not if they are installed on those PCs.

> Regards,
>
> Umair Shakil
> ETD
>
> On 10/19/07, Arne Pelka <lists at arnepelka.de> wrote:
>
> Hi,
>
> I have two pc using centos 4, these machines need only access to the
> (big, class b) local network. Because of security reasons the network
> access should be restricted to this local network - mainly the users
> of these pc should not be able to access webpages outside of the local
> network. My problem is, that I have no own centos repository and
> therefore these two pc need access to the centos mirrors to get updates.
> What would be the best way to restrict the network access to the local
> network and allow the access to some external addresses (a centos
> mirror and maybe some other servers/websites).
> I was thinking about iptables but I'm not very experienced in this
> questions - maybe there is an easier way. The configuration with
> iptables seems to be very complex, I was skimming through some
> tutorials and the man pages.
>

Just block outgoing connections to all webservers but those that are
allowed.

iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j DROP or REJECT

Or to be more complete:

iptables -P OUTPUT DROP or REJECT
iptables -A OUTPUT -d localnet -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -d centosmirror -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -d allowedip -j ACCEPT

and so on.
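
An added example, not part of the original thread: a POSIX shell function that prints the "more complete" variant of the rules above so it can be reviewed before it is applied. The function names, 172.16.0.0/16 and the 192.0.2.x addresses are constructed placeholders; beyond the rules in the reply, it allows loopback and refuses hostnames.

```sh
#!/bin/sh
# Added example: print (not apply) an OUTPUT allow-list for review.
# Every address used below is a constructed placeholder.

# Shape check only (dotted quad, optional /prefix). Hostnames are refused
# because iptables resolves a name once, when the rule is loaded.
is_ipv4() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# gen_egress_rules LOCALNET [ALLOWED_IP...]
gen_egress_rules() {
    [ $# -ge 1 ] || { echo "usage: gen_egress_rules LOCALNET [IP...]" >&2; return 2; }
    # Validate everything first so a bad argument yields no partial ruleset.
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "not a numeric address: $addr" >&2; return 1; }
    done
    localnet=$1
    shift

    echo "iptables -F OUTPUT"
    # A DROP policy on OUTPUT also hits loopback traffic; allow it explicitly.
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # DNS, NFS, printing etc. keep working only if those servers are in LOCALNET.
    echo "iptables -A OUTPUT -d $localnet -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A OUTPUT -p tcp -d $ip --dport 80 -j ACCEPT"
    done
    # REJECT gives users an immediate error instead of a timeout.
    echo "iptables -A OUTPUT -j REJECT"
    # Set the policy last. A chain policy can only be ACCEPT or DROP.
    echo "iptables -P OUTPUT DROP"
}

# Constructed sample: a class B local network and two allowed web servers.
gen_egress_rules 172.16.0.0/16 192.0.2.10 192.0.2.20
```

Review the output, then pipe it to `sh` as root; on CentOS, `service iptables save` keeps the rules across reboots.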